There's no compelling reason, as far as I know, to run more than one stack with the progress that has been made. IBM recommends that you do not. There's a set of four very good redbooks on TCP/IIP Implementation, SG24-7798-00 through SG24-7801-00. I have leaned on them heavily recently, especially the fourth volume on security and policy based networking. Recently we collapsed a couple of dual stack systems down to one because of the improved flexibility possible in the IP filtering. We were able to restrict access to certain endpoints while letting general traffic flow and that was not something we figured out how to do with the stack based filters.
I am crabbing about having to set up NSS to get IKEv2 and trust chains when I only have one sysplex involved (passtickets, AT-TLS etc etc) but that's another issue. Thomas Ambros Operating Systems and Connectivity Engineering 518-436-6433 This communication may contain privileged and/or confidential information. It is intended solely for the use of the addressee. If you are not the intended recipient, you are strictly prohibited from disclosing, copying, distributing or using any of this information. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. This communication may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act. You may not directly or indirectly reuse or redisclose such information for any purpose other than to provide the services for which you are receiving the information. 127 Public Square, Cleveland, OH 44114 If you prefer not to receive future e-mail offers for products or services from Key send an e-mail to mailto:dnereque...@key.com with 'No Promotional E-mails' in the SUBJECT line. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN